Site Navigation

Site Mobile Navigation

Dial-Up Law in a Broadband World

The Internet has given the government powerful 21st-century tools for invading people’s privacy and monitoring their activities, but the main federal law governing online privacy is a 20th-century relic. Adopted in 1986, it has had trouble keeping up with technological advances and is now badly out of date.

Congress has not moved to fix this problem, but a surprising coalition of major technology companies and civil liberties advocates have produced a blueprint for updating the law and both houses of Congress are poised to hold hearings. Having lawmakers proclaim their concern and ask learned questions will not be enough. The Electronic Communications Privacy Act is long past due for an upgrade.

Privacy is central to American law. And in 1986, Congress applied that principle to electronic communications by setting limits on law enforcement access to Internet and wireless technologies. It was a laudable law at the time, but cellphones were still oddities, the Internet was mostly a way for academics and researchers to exchange data and the World Wide Web that is an everyday part of most Americans’ lives did not exist.

The law is no longer comprehensive enough to cover the many kinds of intrusions made possible by the advances of the past 24 years. In the absence of strong federal law, the courts have been adrift on many important Internet privacy issues. The law is not clear on when search warrants are required for the government to read stored e-mail, what legal standards apply to GPS technology that tracks people’s whereabouts in real time and other critical questions.

Digital Due Process — a coalition that includes Google, Microsoft, the Center for Democracy and Technology and the American Civil Liberties Union — recently proposed a good set of principles for addressing those issues. The coalition recommends that all private data not voluntarily made public, such as stored e-mail or private financial data, should be as protected as data in a person’s home. To get it, the government should need a search warrant.

For locational data — information about where a person has physically been, or currently is — the coalition also recommends that a search warrant be required. That would clear up a murky area of the law in which courts have reached different conclusions about information obtained through GPS devices, cellphone towers and other technologies.

The coalition argues that when federal law authorizes a subpoena for customer data, it should be limited to information about a particular individual or individuals. This would prevent fishing expeditions, such as a request for data on everyone who visited a particular Web site on a given day.

The coalition’s recommendations do not address other important Internet privacy issues that involve the ability of private companies to monitor and record their users’ behavior. They also sidestep questions about how accessible data should be to private litigants, such as one company suing another. The recommendations do not include requirements that companies report on the personal data they are collecting and storing — a kind of transparency that customers should be entitled to.

Despite that, the Digital Due Process has gotten this much-needed discussion off to a strong start and set the bar high for hearings by the Senate and House Judiciary Committees.

A version of this editorial appears in print on April 9, 2010, on page A26 of the New York edition with the headline: Dial-Up Law in a Broadband World. Today's Paper|Subscribe